So far 2 users on Windows 7 Pro 64bit and AnyConnect 3.0.4235 & 3.0.5080 lose Local LAN access and internet for the first 10-12 minutes after AnyConnect establishes the VPN connection. We've duplicated the issue in the lab on a 192.168.2.0 network like they have at home. That network is not part of the split tunnel. Other users that use that range for their home network are working ok, with same versions of AnyConnect. We've tested on wired and wireless connections, either one loses local lan access and internet for first 10-12 minutes, then magically everything starts working.
After AnyConnect establishes VPN, immidiatly, the local gateway becomes unreachable, a constant ping to local gateway and internet (220.127.116.11) stop, then occasionally the internet ping replies for a few pings then stops again, yet the local gateway is unreachable for the full 10-12 minutes.
I've checked the route print of the laptop with the problem during the problem and compared it to a laptop that works fine and the routes in question are identical, it should work. But for some reason it fails until something in the background clears up in those 10-12 minutes. Any ideas?
We are still experiancing this issue, and now have 3 users experiancing the issues. We've tried updating the drivers on wired and wireless cards. We do have 1 laptop on windows ultimate that is not having the issue, this laptop is also not using the company windows 7 image which is Pro.
Unfortunatly the laptop that is working is on Windows 7 Ultimate and has different wireless and wired hardware.
We're trying to remove and readd the route in windows 7 pro laptop that is having the issues.
Ended up opening a Cisco TAC ticket, see if we can get some help.
After further testing with AnyConnect 3.0.5080, Windows 7 Pro 64bit and a Belkin N600 DB I believe the problem is the Belkin N600 DB does not handle SSL VPN well, documentation states it supports IPSec VPN Pass-through though.
I think the router is too new, so I haven't found anyone else having the problem. We thought the problem was due to the fact that the Belkin N600 DB is configured to be the DHCP, DNS and Gateway, however further testing with another two wireless routers today (AT&T U-Verse 2-Wire 3801HGV & Linksys 3200) which are also configued to provide all the services worked just fine.
We connect to the internet, launch AnyConnect and establish VPN and we don't lose internet at all and the VPN works just fine. When we use the Belkin, the internet stops working for the first 10 minutes, but VPN traffic is fine. Still not sure what happens during those 10 minutes but for now it's only happening on the Belkin N600 DB.
We found the problem was actually Symantec Anti Virus. When AnyConnect client was establishing the connection and bringing up the VPN interface, Symnatec recieved some packets from the VPN interface that it did not have an established connection in it's database for and saw it as an intrusion, per policy rules, it blocked traffic from the VPN interface for 10 minutes.
An upgrade to symantec solved the issue, or telling the Symantec client to stop blocking traffic worked too.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...